[arm-allstar] Does this look like someone is brute force attacking my node?

Chris Smart csmart8 at cogeco.ca
Wed Feb 26 12:33:40 EST 2020


Thanks Doug.
Will do.

At 11:55 AM 2/26/2020, you wrote:
>Chris,
>
>  The Linux command prompt is what you get when you ssh in and select item 9
>"Start Bash Shell Interface" on the menu. When that is selected you are in
>Linux command mode and all Linux commands apply. Bash is a scripting
>language. I suggest if you want to become more efficient in Linux that you
>get one of the many books available on the topic.
>
>
>*73 Doug*
>
>*WA3DSP*
>
>*http://www.crompton.com/hamradio <http://www.crompton.com/hamradio>*
>
>On Wed, Feb 26, 2020 at 1:49 AM "Chris Smart via ARM-allstar" <
>arm-allstar at hamvoip.org> wrote:
>
> > Dumb beginner question time: what's bash? Is that the prompt I get
> > when I use WINSCP to connect to my Mnode and edit .conf files?
> >
> > (different from the menus I get when I SSH in?)
> >
> > At 04:14 PM 2/25/2020, you wrote:
> >
> > >Also, there is random password generation software installed in the
> > >HamVoIP distro, accessible from the bash prompt. For example, to make a
> > >10 character long random password:
> > >
> > >makepasswd -l 10
> > >
> > >73, David KB4FXC
> > >
> > >
> > >
> > >On Tue, 25 Feb 2020, "Doug Crompton via ARM-allstar" wrote:
> > >
> > > > BTW - if you want a way to generate a good random PW here is a site:
> > > >
> > > > https://passwordsgenerator.net/
> > > >
> > > > Just make sure you write passwords down somewhere in a safe place!
> > > >
> > > >
> > > > *73 Doug*
> > > >
> > > > *WA3DSP*
> > > >
> > > > *http://www.crompton.com/hamradio <http://www.crompton.com/hamradio>*
> > > >
> > > > On Tue, Feb 25, 2020 at 2:14 PM Doug Crompton <wa3dsp at gmail.com>
> > wrote:
> > > >
> > > > > Please keep in mind that in most cases there is no reason to port
> > forward
> > > > > the ssh port unless you need or want control of your node from a
> > remote
> > > > > source. Most node operators do not, but they forward this port
> > anyhow. If
> > > > > you have only an occasional need for outside access then only
> > forward for
> > > > > that need. Also keep in mind that other than the additional
> > > traffic, using
> > > > > a good random greater than 10 character upper/lower, numeric, special
> > > > > character password is not going to get broken. They eventually give
> > up.
> > > > > Also the ssh process itself will slow them down.
> > > > >
> > > > > So lets not make a big deal about this. It comes up like many
> > > other topics
> > > > > on this list on a cyclic basis when someone complains. The for days
> > it
> > > > > becomes the topic of discussion. It has gone on forever and will go
> > on
> > > > > forever. No you can't trace with any reliability who it is so
> > > it is usually
> > > > > not even worth the time trying.
> > > > >
> > > > >
> > > > > *73 Doug*
> > > > >
> > > > > *WA3DSP*
> > > > >
> > > > > *http://www.crompton.com/hamradio 
> <http://www.crompton.com/hamradio> >*
> > > > >
> > > > > On Tue, Feb 25, 2020 at 1:53 PM "Don Backstrom - AA7AU via
> > ARM-allstar" <
> > > > > arm-allstar at hamvoip.org> wrote:
> > > > >
> > > > >> On Tue 25-Feb-20 06:52, "kd6gdb--- via ARM-allstar" wrote:
> > > > >> > Most of em are automated attacks from china.
> > > > >>
> > > > >>         As the admin for a number of publicly viewable [mostly
> > > > >> low-volume]
> > > > >> websites, I see lots and lots and lots of bot attacks, of all sorts,
> > > > >> from IP addresses from all over the world, including from the
> > good-old
> > > > >> USA.
> > > > >>
> > > > >>         For most sites, I am able to block by underlying generally
> > > > >> accurate
> > > > >> country code for the IP range, but that doesn't stop the US-based
> > > > >> attacks (whom I cannot block in toto). Many of those are from
> > Amazon,
> > > > >> GoDaddy, etc type hosting accounts and I suspect most of those
> > accounts
> > > > >> are throw-away. Many of the rest from the US seem to be from
> > residential
> > > > >> networks.
> > > > >>
> > > > >>         It's anyone guess who is behind any one one of these bot
> > > > >> networks, but
> > > > >> I can tell exactly where the fault lies ... those gentle innocent
> > folks
> > > > >> who have NOT properly protected* their home/small-biz
> > computers/accounts
> > > > >> - which then became infected by the bad guys and are now the hidden
> > > > >> fortresses for those bot networks.
> > > > >>
> > > > >>         <opinion> *BTW: properly protected does NOT mean simply
> > paying
> > > > >> someone
> > > > >> else for a glossy "Anti-whatever" package and understanding nothing
> > > > >> about it. It also, in my mind at least, means NOT running Windows10
> > > > >> unless you understand it and have fully secured it. M$ is a big
> > part of
> > > > >> the problem, certainly not the solution. </opinion>
> > > > >>
> > > > >>         If it's convenient, you're at risk (as well as everyone
> > else)!
> > > > >>
> > > > >>         We have met the enemy and he is us!  (Pogo Papers, c. 1953)
> > > > >>
> > > > >>         Just another perspective,
> > > > >>
> > > > >>         - Don - AA7AU
> > > > >> _______________________________________________
> > > > >>
> > > > >> ARM-allstar mailing list
> > > > >> ARM-allstar at hamvoip.org
> > > > >> http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
> > > > >>
> > > > >> Visit the BBB and RPi2/3/4 web page - http://hamvoip.org
> > > > >>
> > > > >
> > > > _______________________________________________
> > > >
> > > > ARM-allstar mailing list
> > > > ARM-allstar at hamvoip.org
> > > > http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
> > > >
> > > > Visit the BBB and RPi2/3/4 web page - http://hamvoip.org
> > > >
> > >
> > >_______________________________________________
> > >
> > >ARM-allstar mailing list
> > >ARM-allstar at hamvoip.org
> > >http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
> > >
> > >Visit the BBB and RPi2/3/4 web page - http://hamvoip.org
> >
> > _______________________________________________
> >
> > ARM-allstar mailing list
> > ARM-allstar at hamvoip.org
> > http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
> >
> > Visit the BBB and RPi2/3/4 web page - http://hamvoip.org
> >
>_______________________________________________
>
>ARM-allstar mailing list
>ARM-allstar at hamvoip.org
>http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
>
>Visit the BBB and RPi2/3/4 web page - http://hamvoip.org



More information about the ARM-allstar mailing list